Most Wanted? Hacker puts German interior minister on Interpol list for 5 weeks
An Interpol “wanted” page said that Ulbig had been charged with “requesting the mass surveillance of over 55,000 cellular phones and gathering over one million call detail records” and was “wanted by the judicial authorities of Germany for prosecution.”
It turned out to have been an attempt by Saxony-based hacker and internet security expert Matthias Ungethum to draw the Interpol’s attention to a digital security hole he exposed in the organization’s website.
Ungethum, who previously found holes in FBI and NSA digital security, decided to target the international police organization. Apart from the German regional minister, the hacker also added videogame character Pac Man to the list of the world’s most wanted criminals.
The expert informed Interpol about the detected security hole on May 30.
He said he used Cross Site Scripting to put the profiles of the German minister and Pac Man among the listed murderers and terrorists.
The hacker explained that he did not directly manipulate Interpol’s website but rather extended a link leading to one of its pages to add desired content, as reported by the German broadcasting company MDR. He warned, however, that similar techniques could be used to spread various viruses via the website that would not be directly affected.
However, Ungethum received no answer from Interpol for some time. No action was actually taken until several German media, including Saxony’s Morgenpost and the MDR, reported on the issue on Wednesday. The fake pages have since been removed.
Interpol, in its turn, told RT that "no wanted persons notice was created or available for the German interior minister on the Interpol website. A corrupt internet address (URL) was created using a minor code vulnerability which gave the illusion of a wanted persons notice provided by the Interpol website."
Rachael Billington, head of Interpol's press and media relations also said that "this could only be seen by someone who was specifically provided with the corrupted URL, and then only in their own browser," adding that Interpol "always welcomes relevant information from the general public and has taken the appropriate steps to prevent this type of fake image being generated in the future."
"The Interpol website itself was never modified in anyway, nor would anyone visiting the Interpol website have seen the fake image," she added.
Ungethum is a self-taught computer security expert, who works with various companies and organizations and tests their digital security by trying to hack their internet pages and servers. He also occasionally “tested” the security of various websites on his own initiative, as it was in case of Interpol, the MDR reports.